Security: WilliamMajanja/CI-Lib

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in CI-Lib, Tank & Dozer, or any associated component, please report it privately.

Do not open a public issue. Instead, email the maintainer or open a draft security advisory on GitHub.

We will acknowledge receipt within 48 hours and provide a timeline for a fix. Security issues are prioritised above all other work.

Scope

  • ci_lib/ — Core library code
  • backend/ — FastAPI REST API
  • frontend/ — Streamlit dashboard
  • tankdozer/ — CLI tool

Out of Scope

  • Third-party dependencies (report to their respective maintainers)
  • Theoretical attacks requiring physical access
  • Vulnerabilities in unmaintained versions

Disclosure

We follow coordinated disclosure: a fix will be released before public announcement.

There aren't any published security advisories